Login with Amazon Documentation

Login with Amazon lets you protect your customer information by leveraging the user authentication system used by Amazon.com. Login with Amazon is based on OAuth 2.0, which has been broadly adopted for user authorized exchanges across sites. For more high-level details, see the Login with Amazon product overview page. For more workflow details, see the Conceptual Overview.

Note: This documentation is currently available in two places online: The Developer Portal (this site) and another site called login.amazon.com/documentation. The content here, on the Developer Portal, is more up-to-date than the content on the Login with Amazon site. The Login with Amazon team is in the process of taking the documentation content down from the Login with Amazon site.

Integrate Login with Amazon with your App

Login with Amazon for TVs, Game Consoles, and Other Devices

For sign-in on devices that are unable to launch a web browser (including Smart TVs, gaming consoles, watches, or other devices), Login with Amazon is supported using a programming model known as code-based linking (CBL).

Code-based linking is an authorization method in which your device displays an alphanumeric user code and a URL to a user who wants to Login with Amazon. The user then navigates to the URL from another device (such as a mobile phone or laptop), signs into their Amazon account if they aren’t already signed in, and enters the user code. Once they have finished, your device will recognize that they are authenticated, and will receive an access token which can be used to obtain the user’s customer profile data.

Security Considerations

The customer information Login with Amazon provides to participating websites is valuable, and precautions must be taken to ensure it stays confidential. The Login with Amazon protocol makes extensive use of HTTPS to protect communications between the user and Amazon, and between your website and Amazon. These topics explain any security threats that go beyond using HTTPS, and explains how you can prevent attackers from gaining valuable customer information.